1. 28 Mar, 2019 13 commits
  2. 27 Mar, 2019 1 commit
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 1a9df9e2
      Linus Torvalds authored
      Pull networking fixes from David Miller:
       "Fixes here and there, a couple new device IDs, as usual:
      
         1) Fix BQL race in dpaa2-eth driver, from Ioana Ciornei.
      
         2) Fix 64-bit division in iwlwifi, from Arnd Bergmann.
      
         3) Fix documentation for some eBPF helpers, from Quentin Monnet.
      
         4) Some UAPI bpf header sync with tools, also from Quentin Monnet.
      
         5) Set descriptor ownership bit at the right time for jumbo frames in
            stmmac driver, from Aaro Koskinen.
      
         6) Set IFF_UP properly in tun driver, from Eric Dumazet.
      
         7) Fix load/store doubleword instruction generation in powerpc eBPF
            JIT, from Naveen N. Rao.
      
         8) nla_nest_start() return value checks all over, from Kangjie Lu.
      
         9) Fix asoc_id handling in SCTP after the SCTP_*_ASSOC changes this
            merge window. From Marcelo Ricardo Leitner and Xin Long.
      
        10) Fix memory corruption with large MTUs in stmmac, from Aaro
            Koskinen.
      
        11) Do not use ipv4 header for ipv6 flows in TCP and DCCP, from Eric
            Dumazet.
      
        12) Fix topology subscription cancellation in tipc, from Erik Hugne.
      
        13) Memory leak in genetlink error path, from Yue Haibing.
      
        14) Valid control actions properly in packet scheduler, from Davide
            Caratti.
      
        15) Even if we get EEXIST, we still need to rehash if a shrink was
            delayed. From Herbert Xu.
      
        16) Fix interrupt mask handling in interrupt handler of r8169, from
            Heiner Kallweit.
      
        17) Fix leak in ehea driver, from Wen Yang"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (168 commits)
        dpaa2-eth: fix race condition with bql frame accounting
        chelsio: use BUG() instead of BUG_ON(1)
        net: devlink: skip info_get op call if it is not defined in dumpit
        net: phy: bcm54xx: Encode link speed and activity into LEDs
        tipc: change to check tipc_own_id to return in tipc_net_stop
        net: usb: aqc111: Extend HWID table by QNAP device
        net: sched: Kconfig: update reference link for PIE
        net: dsa: qca8k: extend slave-bus implementations
        net: dsa: qca8k: remove leftover phy accessors
        dt-bindings: net: dsa: qca8k: support internal mdio-bus
        dt-bindings: net: dsa: qca8k: fix example
        net: phy: don't clear BMCR in genphy_soft_reset
        bpf, libbpf: clarify bump in libbpf version info
        bpf, libbpf: fix version info and add it to shared object
        rxrpc: avoid clang -Wuninitialized warning
        tipc: tipc clang warning
        net: sched: fix cleanup NULL pointer exception in act_mirr
        r8169: fix cable re-plugging issue
        net: ethernet: ti: fix possible object reference leak
        net: ibm: fix possible object reference leak
        ...
      1a9df9e2
  3. 26 Mar, 2019 25 commits
    • Yue Haibing's avatar
      fm10k: Fix a potential NULL pointer dereference · 01ca6671
      Yue Haibing authored
      Syzkaller report this:
      
      kasan: GPF could be caused by NULL-ptr deref or user memory access
      general protection fault: 0000 [#1] SMP KASAN PTI
      CPU: 0 PID: 4378 Comm: syz-executor.0 Tainted: G         C        5.0.0+ #5
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
      RIP: 0010:__lock_acquire+0x95b/0x3200 kernel/locking/lockdep.c:3573
      Code: 00 0f 85 28 1e 00 00 48 81 c4 08 01 00 00 5b 5d 41 5c 41 5d 41 5e 41 5f c3 4c 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 cc 24 00 00 49 81 7d 00 e0 de 03 a6 41 bc 00 00
      RSP: 0018:ffff8881e3c07a40 EFLAGS: 00010002
      RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
      RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000080
      RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
      R10: ffff8881e3c07d98 R11: ffff8881c7f21f80 R12: 0000000000000001
      R13: 0000000000000080 R14: 0000000000000000 R15: 0000000000000001
      FS:  00007fce2252e700(0000) GS:ffff8881f2400000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00007fffc7eb0228 CR3: 00000001e5bea002 CR4: 00000000007606f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      PKRU: 55555554
      Call Trace:
       lock_acquire+0xff/0x2c0 kernel/locking/lockdep.c:4211
       __mutex_lock_common kernel/locking/mutex.c:925 [inline]
       __mutex_lock+0xdf/0x1050 kernel/locking/mutex.c:1072
       drain_workqueue+0x24/0x3f0 kernel/workqueue.c:2934
       destroy_workqueue+0x23/0x630 kernel/workqueue.c:4319
       __do_sys_delete_module kernel/module.c:1018 [inline]
       __se_sys_delete_module kernel/module.c:961 [inline]
       __x64_sys_delete_module+0x30c/0x480 kernel/module.c:961
       do_syscall_64+0x9f/0x450 arch/x86/entry/common.c:290
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      RIP: 0033:0x462e99
      Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
      RSP: 002b:00007fce2252dc58 EFLAGS: 00000246 ORIG_RAX: 00000000000000b0
      RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99
      RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000140
      RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce2252e6bc
      R13: 00000000004bcca9 R14: 00000000006f6b48 R15: 00000000ffffffff
      
      If alloc_workqueue fails, it should return -ENOMEM, otherwise may
      trigger this NULL pointer dereference while unloading drivers.
      Reported-by: default avatarHulk Robot <hulkci@huawei.com>
      Fixes: 0a38c17a ("fm10k: Remove create_workqueue")
      Signed-off-by: default avatarYue Haibing <yuehaibing@huawei.com>
      Tested-by: default avatarAndrew Bowers <andrewx.bowers@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      01ca6671
    • Stefan Assmann's avatar
      i40e: fix WoL support check · f669d24f
      Stefan Assmann authored
      The current check for WoL on i40e is broken. Code comment says only
      magic packet is supported, so only check for that.
      
      Fixes: 540a152d (i40e/ixgbe/igb: fail on new WoL flag setting WAKE_MAGICSECURE)
      Signed-off-by: default avatarStefan Assmann <sassmann@kpanic.de>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      f669d24f
    • Ivan Vecera's avatar
      ixgbe: fix mdio bus registration · 7ec52b9d
      Ivan Vecera authored
      The ixgbe ignores errors returned from mdiobus_register() and leaves
      adapter->mii_bus non-NULL and MDIO bus state as MDIOBUS_ALLOCATED.
      This triggers a BUG from mdiobus_unregister() during ixgbe_remove() call.
      
      Fixes: 8fa10ef0 ("ixgbe: register a mdiobus")
      Signed-off-by: default avatarIvan Vecera <ivecera@redhat.com>
      Tested-by: default avatarAndrew Bowers <andrewx.bowers@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      7ec52b9d
    • Arvind Sankar's avatar
      igb: Fix WARN_ONCE on runtime suspend · dabb8338
      Arvind Sankar authored
      The runtime_suspend device callbacks are not supposed to save
      configuration state or change the power state. Commit fb29f76cc566
      ("igb: Fix an issue that PME is not enabled during runtime suspend")
      changed the driver to not save configuration state during runtime
      suspend, however the driver callback still put the device into a
      low-power state. This causes a warning in the pci pm core and results in
      pci_pm_runtime_suspend not calling pci_save_state or pci_finish_runtime_suspend.
      
      Fix this by not changing the power state either, leaving that to pci pm
      core, and make the same change for suspend callback as well.
      
      Also move a couple of defines into the appropriate header file instead
      of inline in the .c file.
      
      Fixes: fb29f76cc566 ("igb: Fix an issue that PME is not enabled during runtime suspend")
      Signed-off-by: default avatarArvind Sankar <niveditas98@gmail.com>
      Reviewed-by: default avatarKai-Heng Feng <kai.heng.feng@canonical.com>
      Tested-by: default avatarAaron Brown <aaron.f.brown@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      dabb8338
    • Jacob Keller's avatar
      i40e: fix i40e_ptp_adjtime when given a negative delta · b3ccbbce
      Jacob Keller authored
      Commit 0ac30ce4 ("i40e: fix up 32 bit timespec references",
      2017-07-26) claims to be cleaning up references to 32-bit timespecs.
      
      The actual contents of the commit make no sense, as it converts a call
      to timespec64_add into timespec64_add_ns. This would seem ok, if (a) the
      change was documented in the commit message, and (b) timespec64_add_ns
      supported negative numbers.
      
      timespec64_add_ns doesn't work with signed deltas, because the
      implementation is based around iter_div_u64_rem. This change resulted in
      a regression where i40e_ptp_adjtime would interpret small negative
      adjustments as large positive additions, resulting in incorrect
      behavior.
      
      This commit doesn't appear to fix anything, is not well explained, and
      introduces a bug, so lets just revert it.
      
      Reverts: 0ac30ce4 ("i40e: fix up 32 bit timespec references", 2017-07-26)
      Signed-off-by: default avatarJacob Keller <jacob.e.keller@intel.com>
      Reviewed-by: default avatarArnd Bergmann <arnd@arndb.de>
      Tested-by: default avatarAndrew Bowers <andrewx.bowers@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      b3ccbbce
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-5.1-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · 14c741de
      Linus Torvalds authored
      Pull NFS client bugfixes from Trond Myklebust:
       "Highlights include:
      
        Stable fixes:
         - Fix nfs4_lock_state refcounting in nfs4_alloc_{lock,unlock}data()
         - fix mount/umount race in nlmclnt.
         - NFSv4.1 don't free interrupted slot on open
      
        Bugfixes:
         - Don't let RPC_SOFTCONN tasks time out if the transport is connected
         - Fix a typo in nfs_init_timeout_values()
         - Fix layoutstats handling during read failovers
         - fix uninitialized variable warning"
      
      * tag 'nfs-for-5.1-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        SUNRPC: fix uninitialized variable warning
        pNFS/flexfiles: Fix layoutstats handling during read failovers
        NFS: Fix a typo in nfs_init_timeout_values()
        SUNRPC: Don't let RPC_SOFTCONN tasks time out if the transport is connected
        NFSv4.1 don't free interrupted slot on open
        NFS: fix mount/umount race in nlmclnt.
        NFS: Fix nfs4_lock_state refcounting in nfs4_alloc_{lock,unlock}data()
      14c741de
    • Alakesh Haloi's avatar
      SUNRPC: fix uninitialized variable warning · 01f2f5b8
      Alakesh Haloi authored
      Avoid following compiler warning on uninitialized variable
      
      net/sunrpc/xprtsock.c: In function ‘xs_read_stream_request.constprop’:
      net/sunrpc/xprtsock.c:525:10: warning: ‘read’ may be used uninitialized in this function [-Wmaybe-uninitialized]
         return read;
                ^~~~
      net/sunrpc/xprtsock.c:529:23: warning: ‘ret’ may be used uninitialized in this function [-Wmaybe-uninitialized]
        return ret < 0 ? ret : read;
               ~~~~~~~~~~~~~~^~~~~~
      Signed-off-by: default avatarAlakesh Haloi <alakesh.haloi@gmail.com>
      Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
      01f2f5b8
    • Ioana Ciornei's avatar
      dpaa2-eth: fix race condition with bql frame accounting · 8c838f53
      Ioana Ciornei authored
      It might happen that Tx conf acknowledges a frame before it was
      subscribed in bql, as subscribing was previously done after the enqueue
      operation.
      
      This patch moves the netdev_tx_sent_queue call before the actual frame
      enqueue, so that this can never happen.
      
      Fixes: 569dac6a ("dpaa2-eth: bql support")
      Signed-off-by: default avatarIoana Ciornei <ioana.ciornei@nxp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8c838f53
    • Arnd Bergmann's avatar
      chelsio: use BUG() instead of BUG_ON(1) · 047a013f
      Arnd Bergmann authored
      clang warns about possible bugs in a dead code branch after
      BUG_ON(1) when CONFIG_PROFILE_ALL_BRANCHES is enabled:
      
       drivers/net/ethernet/chelsio/cxgb4/sge.c:479:3: error: variable 'buf_size' is used uninitialized whenever 'if'
            condition is false [-Werror,-Wsometimes-uninitialized]
                      BUG_ON(1);
                      ^~~~~~~~~
       include/asm-generic/bug.h:61:36: note: expanded from macro 'BUG_ON'
       #define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0)
                                         ^~~~~~~~~~~~~~~~~~~
       include/linux/compiler.h:48:23: note: expanded from macro 'unlikely'
       #  define unlikely(x)   (__branch_check__(x, 0, __builtin_constant_p(x)))
                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       drivers/net/ethernet/chelsio/cxgb4/sge.c:482:9: note: uninitialized use occurs here
              return buf_size;
                     ^~~~~~~~
       drivers/net/ethernet/chelsio/cxgb4/sge.c:479:3: note: remove the 'if' if its condition is always true
                      BUG_ON(1);
                      ^
       include/asm-generic/bug.h:61:32: note: expanded from macro 'BUG_ON'
       #define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0)
                                     ^
       drivers/net/ethernet/chelsio/cxgb4/sge.c:459:14: note: initialize the variable 'buf_size' to silence this warning
              int buf_size;
                          ^
                           = 0
      
      Use BUG() here to create simpler code that clang understands
      correctly.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Reviewed-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      047a013f
    • Jiri Pirko's avatar
      net: devlink: skip info_get op call if it is not defined in dumpit · c493b09b
      Jiri Pirko authored
      In dumpit, unlike doit, the check for info_get op being defined
      is missing. Add it and avoid null pointer dereference in case driver
      does not define this op.
      
      Fixes: f9cf2288 ("devlink: add device information API")
      Reported-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: default avatarJiri Pirko <jiri@mellanox.com>
      Acked-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c493b09b
    • Vladimir Oltean's avatar
      net: phy: bcm54xx: Encode link speed and activity into LEDs · 450895d0
      Vladimir Oltean authored
      Previously the green and amber LEDs on this quad PHY were solid, to
      indicate an encoding of the link speed (10/100/1000).
      
      This keeps the LEDs always on just as before, but now they flash on
      Rx/Tx activity.
      Signed-off-by: default avatarVladimir Oltean <olteanv@gmail.com>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      450895d0
    • Xin Long's avatar
      tipc: change to check tipc_own_id to return in tipc_net_stop · 9926cb5f
      Xin Long authored
      When running a syz script, a panic occurred:
      
      [  156.088228] BUG: KASAN: use-after-free in tipc_disc_timeout+0x9c9/0xb20 [tipc]
      [  156.094315] Call Trace:
      [  156.094844]  <IRQ>
      [  156.095306]  dump_stack+0x7c/0xc0
      [  156.097346]  print_address_description+0x65/0x22e
      [  156.100445]  kasan_report.cold.3+0x37/0x7a
      [  156.102402]  tipc_disc_timeout+0x9c9/0xb20 [tipc]
      [  156.106517]  call_timer_fn+0x19a/0x610
      [  156.112749]  run_timer_softirq+0xb51/0x1090
      
      It was caused by the netns freed without deleting the discoverer timer,
      while later on the netns would be accessed in the timer handler.
      
      The timer should have been deleted by tipc_net_stop() when cleaning up a
      netns. However, tipc has been able to enable a bearer and start d->timer
      without the local node_addr set since Commit 52dfae5c ("tipc: obtain
      node identity from interface by default"), which caused the timer not to
      be deleted in tipc_net_stop() then.
      
      So fix it in tipc_net_stop() by changing to check local node_id instead
      of local node_addr, as Jon suggested.
      
      While at it, remove the calling of tipc_nametbl_withdraw() there, since
      tipc_nametbl_stop() will take of the nametbl's freeing after.
      
      Fixes: 52dfae5c ("tipc: obtain node identity from interface by default")
      Reported-by: syzbot+a25307ad099309f1c2b9@syzkaller.appspotmail.com
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Acked-by: default avatarYing Xue <ying.xue@windriver.com>
      Acked-by: default avatarJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9926cb5f
    • Dmitry Bezrukov's avatar
      net: usb: aqc111: Extend HWID table by QNAP device · b7ebee2f
      Dmitry Bezrukov authored
      New device of QNAP based on aqc111u
      Add this ID to blacklist of cdc_ether driver as well
      Signed-off-by: default avatarDmitry Bezrukov <dmitry.bezrukov@aquantia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b7ebee2f
    • Leslie Monis's avatar
      net: sched: Kconfig: update reference link for PIE · 1f8389bf
      Leslie Monis authored
      RFC 8033 replaces the IETF draft for PIE
      Signed-off-by: default avatarLeslie Monis <lesliemonis@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1f8389bf
    • Christian Lamparter's avatar
      net: dsa: qca8k: extend slave-bus implementations · db460c54
      Christian Lamparter authored
      This patch implements accessors for the QCA8337 MDIO access
      through the MDIO_MASTER register, which makes it possible to
      access the PHYs on slave-bus through the switch. In cases
      where the switch ports are already mapped via external
      "phy-phandles", the internal mdio-bus is disabled in order to
      prevent a duplicated discovery and enumeration of the same
      PHYs. Don't use mixed external and internal mdio-bus
      configurations, as this is not supported by the hardware.
      Signed-off-by: default avatarChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      db460c54
    • Christian Lamparter's avatar
      net: dsa: qca8k: remove leftover phy accessors · 1eec7151
      Christian Lamparter authored
      This belated patch implements Andrew Lunn's request of
      "remove the phy_read() and phy_write() functions."
      <https://lore.kernel.org/patchwork/comment/902734/>
      
      While seemingly harmless, this causes the switch's user
      port PHYs to get registered twice. This is because the
      DSA subsystem will create a slave mdio-bus not knowing
      that the qca8k_phy_(read|write) accessors operate on
      the external mdio-bus. So the same "bus" gets effectively
      duplicated.
      
      Cc: stable@vger.kernel.org
      Fixes: 6b93fb46 ("net-next: dsa: add new driver for qca8xxx family")
      Signed-off-by: default avatarChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1eec7151
    • Christian Lamparter's avatar
      dt-bindings: net: dsa: qca8k: support internal mdio-bus · 5e07321f
      Christian Lamparter authored
      This patch updates the qca8k's binding to document to the
      approach for using the internal mdio-bus of the supported
      qca8k switches.
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5e07321f
    • Christian Lamparter's avatar
      dt-bindings: net: dsa: qca8k: fix example · fb1eb41a
      Christian Lamparter authored
      In the example, the phy at phy@0 is clashing with
      the switch0@0 at the same address. Usually, the switches
      are accessible through pseudo PHYs which in case of the
      qca8k are located at 0x10 - 0x18.
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fb1eb41a
    • Linus Torvalds's avatar
      Merge tag 'for-5.1-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · 65ae6893
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
      
       - fsync fixes: i_size for truncate vs fsync, dio vs buffered during
         snapshotting, remove complicated but incomplete assertion
      
       - removed excessive warnigs, misreported device stats updates
      
       - fix raid56 page mapping for 32bit arch
      
       - fixes reported by static analyzer
      
      * tag 'for-5.1-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        Btrfs: fix assertion failure on fsync with NO_HOLES enabled
        btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size
        btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks
        btrfs: raid56: properly unmap parity page in finish_parity_scrub()
        btrfs: don't report readahead errors and don't update statistics
        Btrfs: fix file corruption after snapshotting due to mix of buffered/DIO writes
        btrfs: remove WARN_ON in log_dir_items
        Btrfs: fix incorrect file size after shrinking truncate and fsync
      65ae6893
    • Linus Torvalds's avatar
      Merge tag 'trace-v5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · 26a3b01b
      Linus Torvalds authored
      Pull tracing fixes from Steven Rostedt:
       "Three small fixes:
      
         - A fix to a double free in the histogram code
      
         - Uninitialized variable fix
      
         - Use NULL instead of zero fix and spelling fixes"
      
      * tag 'trace-v5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        ftrace: Fix warning using plain integer as NULL & spelling corrections
        tracing: initialize variable in create_dyn_event()
        tracing: Remove unnecessary var_ref destroy in track_data_destroy()
      26a3b01b
    • Linus Torvalds's avatar
      Merge tag 'locks-v5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux · 9798a22d
      Linus Torvalds authored
      Pull file locking bugfix from Jeff Layton:
       "Just a single fix for a bug that crept into POSIX lock deadlock
        detection in v5.0"
      
      * tag 'locks-v5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux:
        locks: wake any locks blocked on request before deadlock check
      9798a22d
    • Hariprasad Kelam's avatar
      ftrace: Fix warning using plain integer as NULL & spelling corrections · 9efb85c5
      Hariprasad Kelam authored
      Changed  0 --> NULL to avoid sparse warning
      Corrected spelling mistakes reported by checkpatch.pl
      Sparse warning below:
      
      sudo make C=2 CF=-D__CHECK_ENDIAN__ M=kernel/trace
      
      CHECK   kernel/trace/ftrace.c
      kernel/trace/ftrace.c:3007:24: warning: Using plain integer as NULL pointer
      kernel/trace/ftrace.c:4758:37: warning: Using plain integer as NULL pointer
      
      Link: http://lkml.kernel.org/r/20190323183523.GA2244@hari-Inspiron-1545Signed-off-by: default avatarHariprasad Kelam <hariprasad.kelam@gmail.com>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      9efb85c5
    • Frank Rowand's avatar
      tracing: initialize variable in create_dyn_event() · 3dee10da
      Frank Rowand authored
      Fix compile warning in create_dyn_event(): 'ret' may be used uninitialized
      in this function [-Wuninitialized].
      
      Link: http://lkml.kernel.org/r/1553237900-8555-1-git-send-email-frowand.list@gmail.com
      
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Tom Zanussi <tom.zanussi@linux.intel.com>
      Cc: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>
      Cc: stable@vger.kernel.org
      Fixes: 5448d44c ("tracing: Add unified dynamic event framework")
      Signed-off-by: default avatarFrank Rowand <frank.rowand@sony.com>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      3dee10da
    • Tom Zanussi's avatar
      tracing: Remove unnecessary var_ref destroy in track_data_destroy() · ff9d31d0
      Tom Zanussi authored
      Commit 656fe2ba (tracing: Use hist trigger's var_ref array to
      destroy var_refs) centralized the destruction of all the var_refs
      in one place so that other code didn't have to do it.
      
      The track_data_destroy() added later ignored that and also destroyed
      the track_data var_ref, causing a double-free error flagged by KASAN.
      
      ==================================================================
      BUG: KASAN: use-after-free in destroy_hist_field+0x30/0x70
      Read of size 8 at addr ffff888086df2210 by task bash/1694
      
      CPU: 6 PID: 1694 Comm: bash Not tainted 5.1.0-rc1-test+ #15
      Hardware name: Hewlett-Packard HP Compaq Pro 6300 SFF/339A, BIOS K01 v03.03
      07/14/2016
      Call Trace:
       dump_stack+0x71/0xa0
       ? destroy_hist_field+0x30/0x70
       print_address_description.cold.3+0x9/0x1fb
       ? destroy_hist_field+0x30/0x70
       ? destroy_hist_field+0x30/0x70
       kasan_report.cold.4+0x1a/0x33
       ? __kasan_slab_free+0x100/0x150
       ? destroy_hist_field+0x30/0x70
       destroy_hist_field+0x30/0x70
       track_data_destroy+0x55/0xe0
       destroy_hist_data+0x1f0/0x350
       hist_unreg_all+0x203/0x220
       event_trigger_open+0xbb/0x130
       do_dentry_open+0x296/0x700
       ? stacktrace_count_trigger+0x30/0x30
       ? generic_permission+0x56/0x200
       ? __x64_sys_fchdir+0xd0/0xd0
       ? inode_permission+0x55/0x200
       ? security_inode_permission+0x18/0x60
       path_openat+0x633/0x22b0
       ? path_lookupat.isra.50+0x420/0x420
       ? __kasan_kmalloc.constprop.12+0xc1/0xd0
       ? kmem_cache_alloc+0xe5/0x260
       ? getname_flags+0x6c/0x2a0
       ? do_sys_open+0x149/0x2b0
       ? do_syscall_64+0x73/0x1b0
       ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
       ? _raw_write_lock_bh+0xe0/0xe0
       ? __kernel_text_address+0xe/0x30
       ? unwind_get_return_address+0x2f/0x50
       ? __list_add_valid+0x2d/0x70
       ? deactivate_slab.isra.62+0x1f4/0x5a0
       ? getname_flags+0x6c/0x2a0
       ? set_track+0x76/0x120
       do_filp_open+0x11a/0x1a0
       ? may_open_dev+0x50/0x50
       ? _raw_spin_lock+0x7a/0xd0
       ? _raw_write_lock_bh+0xe0/0xe0
       ? __alloc_fd+0x10f/0x200
       do_sys_open+0x1db/0x2b0
       ? filp_open+0x50/0x50
       do_syscall_64+0x73/0x1b0
       entry_SYSCALL_64_after_hwframe+0x44/0xa9
      RIP: 0033:0x7fa7b24a4ca2
      Code: 25 00 00 41 00 3d 00 00 41 00 74 4c 48 8d 05 85 7a 0d 00 8b 00 85 c0
      75 6d 89 f2 b8 01 01 00 00 48 89 fe bf 9c ff ff ff 0f 05 <48> 3d 00 f0 ff ff
      0f 87 a2 00 00 00 48 8b 4c 24 28 64 48 33 0c 25
      RSP: 002b:00007fffbafb3af0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
      RAX: ffffffffffffffda RBX: 000055d3648ade30 RCX: 00007fa7b24a4ca2
      RDX: 0000000000000241 RSI: 000055d364a55240 RDI: 00000000ffffff9c
      RBP: 00007fffbafb3bf0 R08: 0000000000000020 R09: 0000000000000002
      R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000000
      R13: 0000000000000003 R14: 0000000000000001 R15: 000055d364a55240
      ==================================================================
      
      So remove the track_data_destroy() destroy_hist_field() call for that
      var_ref.
      
      Link: http://lkml.kernel.org/r/1deffec420f6a16d11dd8647318d34a66d1989a9.camel@linux.intel.com
      
      Fixes: 466f4528 ("tracing: Generalize hist trigger onmax and save action")
      Reported-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      Signed-off-by: default avatarTom Zanussi <tom.zanussi@linux.intel.com>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      ff9d31d0
    • Heiner Kallweit's avatar
      net: phy: don't clear BMCR in genphy_soft_reset · d29f5aa0
      Heiner Kallweit authored
      So far we effectively clear the BMCR register. Some PHY's can deal
      with this (e.g. because they reset BMCR to a default as part of a
      soft-reset) whilst on others this causes issues because e.g. the
      autoneg bit is cleared. Marvell is an example, see also thread [0].
      So let's be a little bit more gentle and leave all bits we're not
      interested in as-is. This change is needed for PHY drivers to
      properly deal with the original patch.
      
      [0] https://marc.info/?t=155264050700001&r=1&w=2
      
      Fixes: 6e2d85ec ("net: phy: Stop with excessive soft reset")
      Tested-by: default avatarPhil Reid <preid@electromag.com.au>
      Tested-by: default avatarliweihang <liweihang@hisilicon.com>
      Signed-off-by: default avatarHeiner Kallweit <hkallweit1@gmail.com>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d29f5aa0
  4. 25 Mar, 2019 1 commit
    • Linus Torvalds's avatar
      Revert "parport: daisy: use new parport device model" · a3ac7917
      Linus Torvalds authored
      This reverts commit 1aec4211.
      
      Steven Rostedt reports that it causes a hang at bootup and bisected it
      to this commit.
      
      The troigger is apparently a module alias for "parport_lowlevel" that
      points to "parport_pc", which causes a hang with
      
          modprobe -q -- parport_lowlevel
      
      blocking forever with a backtrace like this:
      
          wait_for_completion_killable+0x1c/0x28
          call_usermodehelper_exec+0xa7/0x108
          __request_module+0x351/0x3d8
          get_lowlevel_driver+0x28/0x41 [parport]
          __parport_register_driver+0x39/0x1f4 [parport]
          daisy_drv_init+0x31/0x4f [parport]
          parport_bus_init+0x5d/0x7b [parport]
          parport_default_proc_register+0x26/0x1000 [parport]
          do_one_initcall+0xc2/0x1e0
          do_init_module+0x50/0x1d4
          load_module+0x1c2e/0x21b3
          sys_init_module+0xef/0x117
      
      Supid says:
       "Due to the new device model daisy driver will now try to find the
        parallel ports while trying to register its driver so that it can bind
        with them. Now, since daisy driver is loaded while parport bus is
        initialising the list of parport is still empty and it tries to load
        the lowlevel driver, which has an alias set to parport_pc, now causes
        a deadlock"
      
      But I don't think the daisy driver should be loaded by the parport
      initialization in the first place, so let's revert the whole change.
      
      If the daisy driver can just initialize separately on its own (like a
      driver should), instead of hooking into the parport init sequence
      directly, this issue probably would go away.
      Reported-and-bisected-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      Reported-by: default avatarMichal Kubecek <mkubecek@suse.cz>
      Acked-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a3ac7917